Session Timeout: Configuring the Duration of User Sessions

PHP Session Timeout Setting:

A session timeout limits how long a logged-in user may remain inactive. A session is created for a user when they log into a website, and it expires when they log out or close their browser.

The session timeout sets a time limit on a user's inactivity. Consider a scenario in which the session timeout limit is set to 60 seconds. If a user is inactive for 60 seconds, their session will expire and they will need to log in again before they can access the site. This tutorial demonstrates how to set or alter the PHP session timeout.

PHP Session Handling

To start a new session for the user, use the session_start() function. PHPSESSID is the default session name, and the cookie with that name is used to determine whether the user already has an active session. A new session will be created for the user if no cookie or session information is found; otherwise, the user will continue with the existing session.

Session Timeout Setting

The session timeout limit is controlled by two directives, which can be set in the php.ini file or with the ini_set() function in the PHP script. The directives are described below.

session.gc_maxlifetime

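It specifies the maximum amount of time, in seconds, for the server to hold session data. After this time the data is treated as garbage and becomes eligible for cleanup by the session garbage collector.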

session.cookie_lifetime

The PHPSESSID cookie's expiration time limit, in seconds, is configured using this directive. A value of 0 means the cookie lasts until the browser is closed.

PHP Session Timeout Setting

This section of the tutorial uses numerous examples to demonstrate how to set the session timeout value in PHP for handling a user's session.

Example 1: Using the $_SESSION array, set the session timeout value.

To set the session timeout value using the PHP superglobal variable $_SESSION, create a PHP file with the following script. For testing purposes, the session's duration has been set to 5 seconds. Next, a variable called $time is created to store the request time of the user's page request. If more than 5 seconds separate $time from the user's most recent activity, the user's current session is terminated and a new session is created. The script terminates the session using the session_unset() and session_destroy() functions.

<?php
//Start a new session
session_start();

//Set the session duration for 5 seconds
$duration = 5;

//Read the request time of the user
$time = $_SERVER['REQUEST_TIME'];

//Check whether the user's last activity is older than the allowed duration
if (isset($_SESSION['LAST_ACTIVITY']) &&
  ($time - $_SESSION['LAST_ACTIVITY']) > $duration) {
   //Unset the session variables
   session_unset();
   //Destroy the session
   session_destroy();
   //Start another new session
   session_start();
   echo "New session is created. <br/>";
}
else {
   echo "Current session exists. <br/>";
}

//By default PHP tracks the duration of the session variables and retains
//them based on the PHP settings. The duration is calculated from the time
//the session was created or updated (whichever is later) until the current
//time. If we don't update any of the session variables, the time is
//calculated from when the session was created. To avoid this problem, we
//update the session value on each page navigation as below:
$_SESSION['LAST_ACTIVITY'] = $time;
?>

Output:

After the script has been run for the first time, it prints "Current session exists."

If the page is refreshed after more than 5 seconds, it prints "New session is created."

Example 2: Use the $_SESSION array and time() function to set the session timeout value.

Using the built-in PHP function time() and the superglobal variable $_SESSION, create a PHP file containing the following code to set the session timeout value. The time() function returns the system's current timestamp. The script sets the session's duration to 600 seconds (10 minutes).

The session's beginning time has been stored in the $_SESSION['start'] variable. The user's current session will be terminated if there are more than 10 minutes between the current time and the session start time. The session has been terminated in the script using the session_unset() and session_destroy() functions, as in the preceding example.

<?php
//Start a new session
session_start();

//Check whether the session start time is set or not
if (!isset($_SESSION['start']))
{
   //Set the session start time
   $_SESSION['start'] = time();
}

//Check whether the session is expired or not
if (isset($_SESSION['start']) && (time() - $_SESSION['start'] > 600))
{
   //Unset the session variables
   session_unset();
   //Destroy the session
   session_destroy();
   echo "Session is expired.<br/>";
}
else
{
   echo "Current session exists.<br/>";
}
?>

Output:

After the script has been run for the first time, it prints "Current session exists." If the page is refreshed after 10 minutes, the message "Session is expired." will be displayed.
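
The two directives described under "Session Timeout Setting" and the checks from Examples 1 and 2 can be combined into one script that enforces both an inactivity limit and a maximum session age. This is an added example, not code from the original tutorial; the limit values, the function name session_timeout_reason(), and the assumption that the site is served over HTTPS are all illustrative.

```php
<?php
// Added example; the limits and the function name are assumptions.
const IDLE_LIMIT = 900;       // seconds of inactivity allowed (assumed value)
const ABSOLUTE_LIMIT = 28800; // maximum session age in seconds (assumed value)

// Returns 'absolute', 'idle', or null when the session is still valid.
function session_timeout_reason(array $session, int $now): ?string
{
    if (isset($session['start']) && ($now - $session['start']) > ABSOLUTE_LIMIT) {
        return 'absolute';
    }
    if (isset($session['LAST_ACTIVITY'])
        && ($now - $session['LAST_ACTIVITY']) > IDLE_LIMIT) {
        return 'idle';
    }
    return null;
}

// Directives must be set before session_start(). Garbage collection does not
// run on every request and the cookie lifetime is enforced by the browser,
// so the timestamp checks below are what actually enforce the limits.
ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
ini_set('session.cookie_lifetime', '0');  // PHPSESSID ends with the browser
ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
ini_set('session.cookie_httponly', '1');  // hide the cookie from page scripts
ini_set('session.cookie_secure', '1');    // assumes the site uses HTTPS

session_start();
$now = time();

if (session_timeout_reason($_SESSION, $now) !== null) {
    // Expired: remove the data and the stored session, then start clean.
    session_unset();
    session_destroy();
    session_start();
    session_regenerate_id(true); // do not keep using the expired session's ID
    echo "Session expired. Please log in again.<br/>";
} else {
    echo "Current session exists.<br/>";
}

$_SESSION['start'] = $_SESSION['start'] ?? $now; // set once per session
$_SESSION['LAST_ACTIVITY'] = $now;               // refreshed on every request
?>
```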

Conclusion

This tutorial has demonstrated three distinct approaches to setting the session timeout value for handling a user's session in PHP. After reading this article, PHP users will understand the fundamentals of implementing the user's session using the $_COOKIE and $_SESSION variables and be able to use them in their scripts.


Registered Office

CHG IT CONSULTANCY PVT LTD

STPI Technology Incubation Centre,
2nd Floor, No.5, Rajiv Gandhi Salai,
Taramani, Chennai – 600113,
Tamil Nadu, INDIA

Parent Office

CIC Corporation

2-16-4 Dogenzaka, Shibuya-ku,
Nomura Real Estate,
Shibuya Dogenzaka Building,
Tokyo 150-0043, JAPAN

  +81 03-3496-1571
AboutUs

CHG IT Consultancy Pvt. Ltd. is a subsidiary of CIC Holdings Co. Ltd. Japan. Our company is focused on IT related solutions to reap the benefits of global popularity of Software Industry.
